
Risk ID

3 48
26 27
41 73
44 53
59 1
69 49

2 10
8 52
19 6
33 3
40 7
43 4
56 9
71 8
79 2

1 78
4 19
5 46
7 69
12 76
14 23
17 29
30 51
34 15
36 16
53 63
60 79
70 12
75 11
76 13
82 14

10 50
11 67
21 66
29 18
32 45
52 22
58 17

45 24

6 34
20 32
55 31
67 80
73 33
81 21

35 77
42 40
72 41
80 39

18 47
25 38
27 65
31 36
50 35
51 25
65 44
66 37

13 57
15 59
16 81
28 68
47 54
48 56
49 55
54 61
62 58
63 60
74 43
78 42

9 71
22 64
23 26
24 62
37 75
38 70
39 30
46 72
57 20
61 74
64 28
68 82
77 5
Risk Name
Job Responsibility and Cross-Training
Data File Sharing Policy
Security software with reliance on VPN connection to get new policy
MDM Policy Enforcement
Access Cloud Services on any Non-MED Computer
Legacy Authentication methods still being used

Active Directory Management objects review


Logging Local Accounts instead of domain
Account Management Self Service Identity System (FIM)
Account Management Domain Accounts
Account Management Vendor and Contractor access
Account Management Local Administrator Password Solutions (LAPS)
Accounts Management with MFA exclusions
Accounts Management for full ADMIN
Account & Password Management for Local Admin

Vendor Documentation from Eyefinity


AV Alerts being addressed as "best effort"
IPTV devices with YouTube TV subscriptions

Server Standards Unable to stand up "clean" AL Web Servers


Change Management Approval Process for Coding
Data Governance Integration data imports bringing in junk/unstructured information
Load Balancing Server and Application
Application Management on Windows Store
Application Management Server Patching Cycle
PCI Compliance Credit Card solution
Vendor Management SLAs for OD vendor hardware/software support
Acuity Logic Scalable System
Acuity Application Single Sign-On (SSO)
Application Control Undocumented internal applications
Application Management OEM software in older Integration deployments

Lifecycle Management Practices


Procurement Signoff on Hardware & Software
Procurement Approval Process for new hardware or software
Asset Management not fully deployed
Hardware Supply Chain Issues any new computer hardware
Centralized Contract and Renewal management
Asset Management Validation and tracking equipment (IT and OD)

Cloud Strategy Using single cloud platform

Disaster Recovery Maintenance & Coverage Plan


Disaster Recovery (DR) Plan Validation
Disaster Recovery
Vital servers and services have no redundancy or failover
Disaster Recovery Backup and Recovery Procedures
Business Continuity

Unsupported legacy software still running due to bad conversions


EOL Hardware Vulnerable to BIOS attacks
EOL Windows version unable to update (Non MED)
EOL Devices with Trusted Platform Module (TPM 1.2)

Ivanti Services Removal


Endpoint Management Windows Patching Windows 7 & 10 devices connected to network
Printer Management
Endpoint Management
Endpoint Encryption
Computers not joined to the domain
Hardware Standards across retail offices
Endpoint Management UEFI and Secure boot not turned on/not supported

Network Load Balancing


Network Scalability
Vonage to Granite converted offices
Rackspace Network Backbone 1 GE
Network Backup Connection
Network Layer 2 and Layer 3 Segmentation
Network Distributed or Regional Routing
Networking Unmanaged switches in all locations
Network Resource Sharing Offices with multiple practices on a shared network
Network SD-WAN Routing
Granite Meraki Design and Configuration
Granite Network Scalable Design & Deployment Solution

Security Content Filtering Solution for Remote Computers


Policy Exceptions for Doctors
Content filtering Solution is not fully utilized
Office Integration CleanUp unsecure servers and NAS devices left from previous office
Security Strategy Compliance (NIST, ISO, DSS)
Security offices/home offices
Data Loss Prevention (DLP) Solution support for email system
Security Monitoring Solution presents unnecessary noise
Azure Proactive Security Monitoring implementation
Security Some office network equipment in customer accessible areas
Data Governance Access Control Role-based (RBAC)
Wi-Fi Security Management shared password
Account Management Passwords Security taped to screens in public locations
Category Probability Impact: Cost Impact: Schedule Impact: Security
Access 1 1 1 1
Access 1 1 1 2
Access 1 2 1 2
Access 1 2 1 2
Access 1 2 2 2
Access 1 2 2 3

Account 1 1 1 1
Account 1 1 1 1
Account 1 2 2 1
Account 1 2 2 2
Account 1 1 2 2
Account 1 2 2 2
Account 1 2 2 2
Account 1 1 2 3
Account 2 1 2 3

Applications 1 1 1 1
Applications 1 1 1 1
Applications 1 1 1 1
Applications 1 1 1 1
Applications 1 1 1 2
Applications 1 1 2 1
Applications 1 1 1 2
Applications 1 2 1 1
Applications 1 2 2 2
Applications 1 1 2 2
Applications 1 2 1 2
Applications 1 2 2 2
Applications 1 3 3 2
Applications 2 2 2 2
Applications 2 2 2 3
Applications 2 3 3 3

Asset 1 2 1 1
Asset 1 1 2 1
Asset 1 1 2 1
Asset 1 2 2 1
Asset 1 2 2 2
Asset 1 2 2 2
Asset 1 2 2 2

Cloud 1 2 2 2

DR 1 1 1 1
DR 1 2 2 1
DR 1 2 2 2
DR 1 2 2 2
DR 2 2 2 2
DR 2 3 2 3

End of Life 1 2 2 2
End of Life 1 2 2 2
End of Life 1 2 3 3
End of Life 2 3 2 3

End Point 1 2 1 1
End Point 1 1 1 2
End Point 1 2 1 1
End Point 1 1 1 2
End Point 1 2 1 2
End Point 1 2 2 2
End Point 1 2 2 2
End Point 1 2 2 2

Network 1 2 1 1
Network 1 2 1 1
Network 1 2 2 1
Network 1 2 2 1
Network 1 2 2 2
Network 1 2 1 2
Network 1 2 2 2
Network 1 2 1 2
Network 1 2 1 2
Network 1 1 2 2
Network 2 2 2 2
Network 2 2 2 3

Security 1 1 1 2
Security 1 1 1 2
Security 1 1 1 2
Security 1 1 1 2
Security 1 2 2 2
Security 1 2 1 2
Security 1 2 2 2
Security 1 2 1 2
Security 1 2 2 2
Security 1 2 2 2
Security 1 1 2 2
Security 1 1 1 4
Security 2 1 1 4
Impact: Reputation Score (Pre-Mitigation) Cost (Pre-Mitigation) Cost (Mitigation)
1 1 $0.00 $0.00
2 2 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
1 3 $0.00 $0.00
3 4 $0.00 $0.00
16
1 1 $0.00 $0.00
1 1 $0.00 $0.00
1 2 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
3 4 $0.00 $0.00
3 8 $0.00 $0.00
28
1 1 $0.00 $0.00
1 1 $0.00 $0.00
1 1 $0.00 $0.00
1 1 $0.00 $0.00
2 2 $0.00 $0.00
1 2 $0.00 $0.00
2 2 $0.00 $0.00
1 2 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
2 4 $0.00 $0.00
1 6 $0.00 $0.00
3 8 $0.00 $0.00
3 10 $0.00 $0.00
52
1 2 $0.00 $0.00
1 2 $0.00 $0.00
1 2 $0.00 $0.00
1 2 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
17
2 3 $0.00 $0.00
3
1 1 $0.00 $0.00
1 2 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
2 6 $0.00 $0.00
3 10 $0.00 $0.00
25
2 3 $0.00 $0.00
2 3 $0.00 $0.00
3 5 $0.00 $0.00
3 10 $0.00 $0.00
21
1 2 $3,250.00 $0.00
2 2 $0.00 $0.00
1 2 $0.00 $0.00
2 2 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
20
1 2 $0.00 $0.00
1 2 $0.00 $0.00
1 2 $0.00 $0.00
1 2 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
2 6 $0.00 $0.00
3 8 $0.00 $0.00
40
2 2 $0.00 $0.00
2 2 $0.00 $0.00
2 2 $0.00 $0.00
2 2 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
2 3 $0.00 $0.00
4 4 $0.00 $0.00
4 8 $0.00 $0.00
41
Description
